18 matches found
CVE-2026-25541 affecting package rust-afterburn for versions less than 5.8.2-2
CVE-2026-25541 affecting package rust-afterburn for versions less than 5.8.2-2. A patched version of the package is available...
WordPress Loco Translate plugin <= 2.8.2 - Authenticated (Translator+) Path Traversal to Limited File Read vulnerability
Authenticated Translator+ Path Traversal to Limited File Read vulnerability discovered by shark3y in WordPress Plugin Loco Translate versions <= 2.8.2...
CVE-2018-25263
Faleemi Desktop Software 1.8.2 contains a local buffer overflow in the Device alias field of the Managing Log interface that allows an attacker with local access to trigger a structured exception handler (SEH) overwrite and execute arbitrary code (PoC shows calculator). The vulnerability is trigg...
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection via the Resize-VHD PowerShell command construction process. An attacker can execute arbitrary PowerShell commands with the privileges of the affected process by supplying a crafted VM image path containing malicious...
GHSA-HH8V-HGVP-G3F5 league/commonmark has an embed extension allowed_domains bypass
Impact: The DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This enabl...
CVE-2025-63009 WordPress WP Google Analytics Events plugin <= 2.8.2 - Sensitive Data Exposure vulnerability
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data. This issue affects WP Google Analytics Events: from n/a through <= 2.8.2...
CVE-2025-47151
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...
Astra Linux – Vulnerability in syslog-ng
syslog-ng is an enhanced logging daemon. Prior to version 4.8.2, the tls_wildcard_match function matched against certificates like foo.*.bar, although this is not allowed. It is also possible to pass partial wildcards, such as foo.a*c*.bar, which glib matches, but this should be avoided/disabled...
UBUNTU-CVE-2024-47619
syslog-ng is an enhanced log daemon. Prior to version 4.8.2, tls_wildcard_match matches on certificates such as foo.*.bar although that is not allowed. It is also possible to pass partial wildcards such as foo.a*c*.bar which glib matches but should be avoided / invalidated. This issue could have an...
CVE-2024-47619
CVE-2024-47619 — syslog-ng TLS wildcard bug. Affected product: syslog-ng (log daemon). Prior to version 4.8.2, the tls_wildcard_match() function can erroneously match on certificates like foo.*.bar and accept partial wildcards such as foo.a*c*.bar, which glib matches but should be considered invalid...
CVE-2025-0930 Reflected Cross-Site Scripting (XSS) vulnerability in TeamCal Neo
Reflected Cross-Site Scripting (XSS) in TeamCal Neo, version 3.8.2. This allows an attacker to execute malicious JavaScript code, after injecting code via the ‘abs’ parameter in ‘/teamcal/src/index.php’...
CVE-2025-0929 SQL injection vulnerability in TeamCal Neo
SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious SQL statement via the ‘abs’ parameter in ‘/teamcal/src/index.php’...
PT-2024-39474 · WordPress · Xt Floating Cart For Woocommerce
Name of the Vulnerable Software and Affected Versions: XT Floating Cart for WooCommerce plugin for WordPress version 2.8.2 and earlier. Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows...
GHSA-32JF-H775-G29H MongoDB Rust driver may issue unintended commands
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2...
PYSEC-2024-42
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by defaul...
PT-2022-16875 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions 2.8.2 and prior in the stable branch; Discourse versions 2.9.0.beta3 and prior in the beta branch; Discourse versions 2.9.0.beta3 and prior in the tests-passed branch. Description: Discourse is an open source discussion...
Directum Cross-Site Scripting Vulnerability
Directum is an application system of the Russian company Directum. An intelligent digital process and documentation system. A cross-site scripting vulnerability exists in Settings.aspx?view=About in Directum version 5.8.2. An attacker can exploit this vulnerability via the HTTP User-Agent header ...
XSS vulnerability in phpok version 4.8.278
phpok is an enterprise website system developed by Shenzhen锟絪 technology limited company using PHP and MySQL. An XSS vulnerability exists in phpok version 4.8.278. The vulnerability stems from insufficient filtering of URL jump parameters, which can be exploited by attackers to obtain...